Tighten cybersecurity to protect vital data

As the number of cyberattacks against the U.S. government and private companies continues to grow, the president and Congress are struggling to find a way to protect our national interests while also safeguarding individual privacy.

President Obama signed an executive order earlier this month to address some concerns. The order promotes increased information sharing about cyberattacks between government and industry. However, it doesn’t go as far as legislation proposed by the administration. Instead of passing legislation that would improve cybersecurity, Congress has breathed new life into a bad bill.

Rep. Mike Rogers, a Michigan Republican who heads the House Intelligence Committee, is pushing what has become an unpopular piece of legislation among privacy advocates: the Cyber Intelligence Sharing and Protection Act. CISPA passed the House last year, but was deemed too weak by the president. He threatened a veto over some privacy and civil liberties concerns, and the legislation stalled.

Rogers’ bill has resurfaced in this new session with much of the same disagreeable language. His bill threatens individual privacy rights by increasing the sharing of information within the government and between the private sector and government, but virtually cutting off public access once the information is received by the government.

It is vitally important to protect America’s computer systems and networks, but that doesn’t mean that every security proposal is a good idea. The trouble with CISPA is that it creates some exceptions to well-established privacy laws. CISPA would give the government access to virtually every civilian communication by email, Facebook, Twitter and text without securing a warrant for the information. If you communicate electronically with your doctor, your health information could be swept up by the government.

A report by Mandiant, an American computer security firm, detailed the activities of cyberwarriors attached to the Chinese army. The Shanghai-based unit, according to Mandiant, is responsible for years of cyberattacks against American companies, stealing huge amounts of data and corporate secrets.

The difficulty for America is finding a way to comprehensively protect against cyberattacks without compromising the right to privacy, according to Kevin Goldberg, legal counsel for the American Society of News Editors. CISPA goes far beyond what is necessary for cybersecurity.

ASNE weighed in last year on CISPA from the Freedom of Information Act perspective, one mechanism by which government irregularities come to light.

The journalism group does not advocate for special protections for journalists, but the worry is how any proposal will affect individual civil liberties. One question is who will decide how the enormous amount of information collected will be distributed. Also, why the government is not letting the public know anything about the information collected, or how it is being used. Transparency is necessary so that the public can make sure the government is working properly.

The fact that more companies are “outing” themselves as victims of cyberattacks shows the issue will not be going away.

The executive order is a good first step toward securing our cyberborders, but tougher steps need congressional approval. Congress should give up on CISPA and work on legislation that will protect our information from both attack and unwarranted government intrusion.